Hi guysThis is my first post in EH.net, although I have been a regular visitor for the past 6 months lurking on OSCP discussions. This forum has helped me immensely, in reading discussions by people who were in a similar situation as me, as well as from people who had got the certification and were giving tips and encouragement. So I had promised myself if I would get OSCP, I would definitely share my exp here, and hope it may help someone else.

My background: I have been working in IT sec for arround 9 years in SE Asia, as a C++ systems and Java programmer, then Web app Vuln Assessment, and now in security architecture review. So my background is IT security BUT no sys / network admin experience at all, and it was my biggest handicap in giving OSCP. My strength was the few years I had done web application VA, although VA is very different from a full fledged pen test in terms of skill and mind set.

OSCP labs: I will keep it very brief, because others have written a lot about it and I have nothing new to contribute here: its awesome, its great, there is nothing like it, you will be tortured like hell and you will love every moment of it etc. The gist of my lab experience was I rooted arround 25 machines, I took 3 months of lab time (the last month was an overkill though I was mentally too fatigued to do much). I tried to do the labs from 10 pm to 1 am every work night and as much as possible on weekends, not an easy thing when you are married with a 2 year old, so having a very understanding wife helps!

OSCP exam: Instead of the technical part of the exam, which we are not supposed to discuss anyways because of the NDA, I will focus on what I did right and wrong- Mistake 1 : I took the exam at 10 pm on last Friday night. the plan was that I will have peace and quite while my kid is sleeping. I forgot I was not in 20 anymore, (am 32!) so the college days when I could do night outs and survive on coffee and redbull were long gone.The result of this was: i got the exam at 10, the first 2 hours went by in a rush of adrenalin where I tried to do everything at once, the next 2 hours in a sense of dread where I realised nothing was working! And I was getting sleepier as the night progressed, by 5 am I had got no machines and I gave up for the time being and took a nap till 8.

- That was a good idea, as a lot of people have pointed out taking frequent breaks really helps. from 8 to 10.30 i got a box , gave the missus a high five and took a short nap, got another box by 1 pm.

- The rest of it was very tough going, and I have edited my previous entries so as not to give away too much info. Suffice to say I took the full 24 hours

- Big Mistake #2 i made here: Enumeration + info gathering, but let me explain before you say 'you did not know that already?!'. Info gathering has been highlighted here a lot and even on the offsec forums, after 'try harder' thats the 2nd most popular phrase used. I found out later that I did all the info gathering I could, more than enough infact, tons and tons of it. The Big mistake i did was not having the patience and the discipline to analyse each and every point and line of the info gathered, to see how it could be used in an attack. It really is a mindset that comes with experience I think, and it has made me aware of how much more I need to practise and learn before it becomes a natural thing.

So anyways, sent the report the next day and I was almost sure I would not pass, , I was not sure if what I had done would be enough. I think I was pretty borderline, I had already started sweet talking the missus for sacrificing another weekend for my second attempt, but the results came in 2 days and yaaa, it was a pass!

It was a wild ride, i enjoyed every moment of it, and more than what I have learned, I am grateful to OSCP for making me realise what I do not know, and the gaps in my knowledge. Other certs are for HR to filter out your resume in that job hunt, and yes they are important, but OSCP is for yourself primarily. To those who are considering taking it, plan to manage your time for 2-3 months and take it, its a very worthy investment.

Last edited by amol_d on Wed Apr 11, 2012 9:15 am, edited 1 time in total.

I'm considering taking the OSCP and trying to brush up on some fundamentals. The prerequisites I've seen on the web and even the OSCP's website are extremely ambiguous when it comes to linux & programming skills:

A solid understanding of TCP/IP, networking and reasonable Linux skills. More information can be found in the respective course description and course documentation.

Can you give an example of what kind of Python programming you need for this class? Is it just limited to print/echo and a few if/else/whiles or are we talking about lists/dictionaries/classes and more? Is there any Ruby and/or Perl required?

Hi DragonGorgeI agree the requirements are ambiguos, because its very subjective, whats rudimentary to the offsec folks may not be to others. I shouldnot worry too much about the python knowledge though. I had very basic shell scripting and perl knowledge and 0 knowledge of python. Although python is widely used, its not hard to understand. The videos are very well designed: when they do a python script for the first time they will explain all the syntax and what it does, for the next one if there is a new command being used they will explain that as well so learning as you go along is good enough i think.

One more thing I would like to add:there is a lot of self learning involved. Its a very good idea to go through videos on securitytube and g0tmilk's blogspot site. I also found it useful during labs that, when I was suspecting a particular weakness existed but was not able to exploit it, to go on youtube/security tube and search. A lot of times someone would have made a video going through the attack steps for a similar situation, or I would find tips on how to approach the problem eg a tool in backtrack I had not tried before, but which could be used in that situation. g0tmilks site is really good for a newbie to see how a hack is carried out (with good music in the background !) It helped me to visualise how I should be approaching targets in general. corelan.be is good for buffer overflows if you are interested in the topic. I had done the tuts on this site before I had heard of OSCP, purely because i was interested in BOFs and it helped me understand the OSCP lectures faster.

One thing I would have liked more in the lectures was more emphasis on privilege escalation. I guess this is where sys admin experience, of which i had none, helps. g0tmilks site has a huge list of things to check for privilege escalation, on this forum Sil has a great post where he has detailed the things you should look out for as well.

amol_d wrote:One more thing I would like to add:there is a lot of self learning involved. Its a very good idea to go through videos on securitytube and g0tmilk's blogspot site. I also found it useful during labs that, when I was suspecting a particular weakness existed but was not able to exploit it, to go on youtube/security tube and search. A lot of times someone would have made a video going through the attack steps for a similar situation, or I would find tips on how to approach the problem eg a tool in backtrack I had not tried before, but which could be used in that situation. g0tmilks site is really good for a newbie to see how a hack is carried out (with good music in the background !) It helped me to visualise how I should be approaching targets in general. corelan.be is good for buffer overflows if you are interested in the topic. I had done the tuts on this site before I had heard of OSCP, purely because i was interested in BOFs and it helped me understand the OSCP lectures faster.

One thing I would have liked more in the lectures was more emphasis on privilege escalation. I guess this is where sys admin experience, of which i had none, helps. g0tmilks site has a huge list of things to check for privilege escalation, on this forum Sil has a great post where he has detailed the things you should look out for as well.

one thing i find really good about the course is the buffer overflow part, it is well explained and documented and takes you through the process step by step, unlike other parts, but those you can figure out by yourself like you stated

anyway thanks for the writeup!

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

j0rdy, i totally agree, the oscp videos on buffer overflows has to be one of the best introductions to buffer overflows for newbies. it was explained so well that i have become addicted to it, i am now on grey-corner.blogspot.com tutorials and corelan.be tutorials, to prepare myself for osce later on because i have heard that osce is mostly about fuzzing and exploit development.